package hn.cch.auth;


import hn.cch.util.StreamUtil;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;

import java.io.File;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * 数字证书
 *
 * 私钥签名
 * 公钥验签
 *
 */
public class CerAuth {

private static final String charset = "UTF-8";

    public static boolean cer(byte[] data, byte[] sign) throws Exception {

        //.cer 只包含公钥
        File cer = new File("chench.cer");

        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(StreamUtil.toInput(cer));

        String sigalg = x509Certificate.getSigAlgName();
        Signature signature = Signature.getInstance(sigalg);
        signature.initVerify(x509Certificate);
        signature.update(data);
        boolean verify = signature.verify(sign);
        return verify;
    }

    public static byte[] p12(byte[] data) throws Exception {
        //.p12 包含公钥和私钥
        File p12 = new File("chench.p12");
        char[] password = "".toCharArray();

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(StreamUtil.toInput(p12), password);

        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Key key = keyStore.getKey(alias, password);
            // if (key instanceof PublicKey) {
            //
            //     byte[] sign = "".getBytes("UTF-8");
            //
            //     PublicKey publicKey = (PublicKey) key;
            //     X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(alias);
            //     String sigalg = x509Certificate.getSigAlgName();
            //     Signature signature = Signature.getInstance(sigalg);
            //     signature.initVerify(publicKey);
            //     signature.update(data);
            //     boolean verify = signature.verify(sign);
            // }

            if (key instanceof PrivateKey) {
                PrivateKey privateKey = (PrivateKey) key;
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(alias);
                String sigalg = x509Certificate.getSigAlgName();
                Signature signature = Signature.getInstance(sigalg);
                signature.initSign(privateKey);
                signature.update(data);

                byte[] sign = signature.sign();
                return sign;

            }
        }
        return new byte[0];
    }


    public static void auth() throws Exception {

        String string = "";
        BASE64Decoder base64Decoder = new BASE64Decoder();
        byte[] decodeBuffer = base64Decoder.decodeBuffer(string);


        PKCS7 pkcs7 = new PKCS7(decodeBuffer);
        ContentInfo contentInfo = pkcs7.getContentInfo();
        byte[] data = contentInfo.getData();


        Certificate[] certificates = pkcs7.getCertificates();
        PublicKey clientPublicKey = certificates[0].getPublicKey();

        File cer = new File(".cer");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(StreamUtil.toInput(cer));
        PublicKey serverPublicKey = x509Certificate.getPublicKey();


        BASE64Encoder base64Encoder = new BASE64Encoder();
        String client = base64Encoder.encode(clientPublicKey.getEncoded());
        String server = base64Encoder.encode(serverPublicKey.getEncoded());

        if (!server.equals(client)){

        }

        SignerInfo[] signerInfos = pkcs7.getSignerInfos();
        byte[] sign = signerInfos[0].getEncryptedDigest();


        Signature signature = Signature.getInstance("SHA256WITHRSA");
        signature.initVerify(x509Certificate);
        signature.update(data);
        boolean verify = signature.verify(sign);
    }

    public static void main(String[] args) throws Exception {
    }


}
